Organizations Need Proper Procedures for Data Cleansing of Old Media

It’s a near daily occurrence for most enterprises—a laptop or server becomes obsolete or unusable. But often the most important step is forgotten before a new media is brought in. How do you ensure that the old device is cleansed of all usable traces of important data before it is disposed of?

Many organizations have internal procedures for disposing of technology, and those steps include wiping hard drives of data or restoring a device to its original status before use. But does this alone ensure that no discernible traces of private data are left on the media? Are there ways to absolutely be sure that the organization’s confidential information has been completely and absolutely removed? Or is there a level of data removal that may not be complete, but is acceptable?

According to the Information Technology Laboratory (ITL) and National Institute of Standards and Technology (NIST), cleansing processes may depend on the types of information on the media and the laws and regulations that dictate the privacy and security of such data based on certain types of business. These two organizations have teamed up to write a document that details the importance of media sanitization and the ways that organizations can make decisions about cleaning data from unused media prior to donation or disposal.

The “Guidelines for Media Sanitization” can be found in our IT Downloads area. According to the document, media cleansing may have various levels at which data removal is acceptable, but the decisions must be made based on the data, not the device:

The information security concern regarding information disposal and media sanitization resides not in the media but in the recorded information. The issue of media disposal and sanitization is driven by the information placed intentionally or unintentionally on the media. Electronic media used on a system should be assumed to contain information commensurate with the security categorization of the system’s confidentiality. If not handled properly, release of these media could lead to an occurrence of unauthorized disclosure of information.

The PDF explains why sanitization of media is important and the types of media that can be disposed. In fact, NIST explains that even hard copies of information (paper printouts, printer ribbons, and drums and platens) may be overlooked as containing important, possibly damaging data that could be harmful if in the wrong hands. Most modern media, however, is electronic. It is these types of devices that contain “bits and bytes such as hard drives, random access memory, read-only memory, disks, flash memory, memory devices, phones, mobile computing devices, networking devices, office equipment” and other technologies that can be most difficult to sanitize effectively.

Many jobs and positions within an organization are considered within the document as it explains these roles and the responsibilities they hold within the media sanitization process. Some, such as the CIO, may be charged with creating and disseminating the policy on media sanitization within the enterprise. Privacy and security officers may be responsible for advising the types of data that must be kept secured based on company policy or other regulations.

Kim Mays has been editing and writing about IT since 1999. She currently tackles the topics of small to midsize business technology and introducing new tools for IT. Follow Kim on Google+ or Twitter.

IT Solutions Builder
TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD

Which topic are you interested in?

Mobile

Security

Networks/IoT

Cloud

Data Storage

Applications

Development

IT Management

Other

What is your company size?

What is your job title?

What is your job function?

Searching our resource database to find your matches...

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.

By submitting your information, you agree that itbusinessedge.com may send you ITBbusinessEdge offers via email, phone and text message, as well as email offers about other products and services that ITBbusinessEdge believes may be of interest to you. ITBbusinessEdge will process your information in accordance with the Quinstreet Privacy Policy.

This entire blog brings back memories of a news story that I viewed at one point. It involved a group of students heading to Africa to check old computer parts that were shipped there. On a hard drive that was simply being sold by a street vendor, they found top secret U.S. government budget files. That's why I feel that you should always make sure the data is removed in its entirety. Reply

Jul 15, 2016 9:40 AMLinda Boudreau
says:

Great post, thanks for sharing. Because of the rising importance of data-driven decision making, having a strong data governance team is an important part of the equation (as in the situation you mention in your blog), and will be one of the key factors in changing the future of business. There is so much great work being done with data cleansing tools in various industries such as financial services and health care. It will be interesting to see the impact of these changes down the road.
Linda Boudreau
http://DataLadder.comÂ
Reply

Please enable Javascript in your browser, before you post the comment! Now Javascript is disabled.

Post a comment

Your name/nickname

Your email

WebSite

Subject

(Maximum characters: 1200). You have 1200 characters left.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.

By submitting your information, you agree that itbusinessedge.com may send you ITBbusinessEdge offers via email, phone and text message, as well as email offers about other products and services that ITBbusinessEdge believes may be of interest to you. ITBbusinessEdge will process your information in accordance with the Quinstreet Privacy Policy.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.

By submitting your information, you agree that itbusinessedge.com may send you ITBbusinessEdge offers via email, phone and text message, as well as email offers about other products and services that ITBbusinessEdge believes may be of interest to you. ITBbusinessEdge will process your information in accordance with the Quinstreet Privacy Policy.